PatchSiren cyber security CVE debrief
CVE-2026-11341 D-Link CVE debrief
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely.
- Vendor
- D-Link
- Product
- DWR-M920
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of D-Link DWR-M920 up to 1.1.50
Technical summary
The vulnerability is caused by a flaw in the sub_412DA0 function of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates provided by the vendor
- Restrict access to the /boafrm/formIMEISetup file
Evidence notes
The exploit has been published and may be used.
Official resources
CVE-2026-11341 was published on 2026-06-05T18:17:04.513Z and modified on 2026-06-05T19:02:13.790Z.